Despite constant warnings about cyber security and the importance of hard-to-guess passwords, Internet users still seem to think that “123456” and “password” will keep hackers away, according to SplashData’s annual “worst passwords” list.

The password software provider has compiled a list of 25 most commonly used bad passwords that offer little or no protection for your email, social media or online banking accounts.

According to SplashData, “password” and character sequences such as “123456” or “abc123” are still the most popular passwords. “Monkey,” “letmein,” and common names like “Michael” and “Ashley” also made the list of 25 worst passwords.

New entries on the list this year include “Jesus,” “ninja,” and “mustang.”

SplashData compiled the list by looking at millions of stolen passwords posted online by hackers.

In a news release, company CEO Morgan Slain said anyone using any of the passwords on the list should change them immediately.

"Hackers can easily break into many accounts just by repeatedly trying common passwords,” he said. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.”

SplashData offers some tips, such as creating longer passwords with a variety of characters and using different passwords for each online service you use.

Here are SplashData’s 25 worst passwords of 2012:

1. password (Unchanged)

2, 123456 (Unchanged)

3. 12345678 (Unchanged)

4. abc123 (Up 1)

5. qwerty (Down 1)

6. monkey (Unchanged)

7. letmein (Up 1)

8. dragon (Up 2)

9. 111111 (Up 3)

10. baseball (Up 1)

11. iloveyou (Up 2)

12. trustno1 (Down 3)

13. 1234567 (Down 6)

14. sunshine (Up 1)

15. master (Down 1)

16. 123123 (Up 4)

17. welcome (New)

18. shadow (Up 1)

19. ashley (Down 3)

20. football (Up 5)

21. jesus (New)

22. michael (Up 2)

23. ninja (New)

24. mustang (New)

25. password1 (New)